Thursday, January 22, 2009

If it's old then personal data security doesn't matter, says DWP

Data security is always going to be a hot topic given the sheer amount of people's personally identifiable data that has been lost by the Government in the last couple of years. In light of the HMRC scandal the Government launched a new investigation, and the Cabinet Office now has guidelines for accreditation of systems that hold personal data.

However, it would appear that these new requirements are not being applied to old systems, if the words of the Department for Work and Pensions minister, Jonathan Shaw, are accurate. When asked by Mark Harper MP in Parliament why the "customer information system does not meet Cabinet Office rules for personal data", he replied:
"The Cabinet Office's requirements for accreditation apply only to IT systems which were introduced after 1 July 2008."
So essentially the Government have decided that any system holding personal data that is over seven months old doesn't need to meet the supposedly "tough" new accreditation requirements.


Anonymous said...

"Department for Wok and Pensions"

I knew we had a lot of East Europeans here but I didn't know it was that far East!

dizzy said...

That's the annoying thing about typos which are also correctly spelt words. They don't bloody show up!

Anonymous said...

The comment from the professional fool is utter bollocks. New systems are required to meet the new requirements before being allowed into service; older systems have a grace period. Mr Shaw should check the Cabinet Office website where the various Security Policy Framework documents are fairly explicit.

Tier 4 of SPF, which is the protectively marked version, doesn't say anything that startling.

Anonymous said...

Surely this warrants more attention than it has had currently? This is a shameful admission!